Hello all,
If I read and understand the forum correctly, I’m not the only one who is unable to set up a port forwarding with vpn.
Because I have tried all sorts of things and cannot find a solution, I’m curious if there is someone who can help me out on this.
What I want to do:
I want to access my NASserver and my Webcam from outside my network. This requires three ports. I chose Air vpn because they support port forwarding and I bought an Asus router (RT-AC66U) that has a vpn-server and that also has a vpn-client.
My network configuration is set as follows:
- modem / router from ISP (iprange 192.168.xxx.xxx)
- behind it the Asus router (iprange 192.169.xxx.xxx)
- WAN port Asus router is connected to LAN port of ISP
- behind Asus router an additional router (sitecom) that serves as an "amplifier". These routers are connected by a cable between LAN. The sitecom router has a fixed IP address within the range of the Asus router.
- DHCP from sitecom is switched off. Asus router controls the allocation of IP addresses and handling of internet traffic.
This setup has always worked great (without VPN). After setting up a vpn-client, all computers, phones etc can access the internet without any problems. The NASserver is able to make a backup via a built-in SSH to a server at a different location (outside LAN).
It is no longer possible to access the NAS server from outside the LAN via http / ftp / sftp.
I tried the following to get it working:
- vpn server enabled / vpn client disabled
- vpn server enabled & vpn client enabled
- nasserver provided with IP address within range of vpn-server
- routes
- Port forwarding set from VPN server to LAN and vice versa
I don't get it working.
Thanks in advance for your tips and help
Kind regards,
Ivo

I am running XP Pro, but would prefer to install AirVPN on my router (MikroTik hex rb750gr3). I'm finding conflicting info on whether or not this is possible, and hoping someone here can decipher this, and provide a definite answer. From what I have been able to figure out, the AirVPN client is not compatible, which leaves OpenVPN client as the only possibility. Here things become murky. According to MikroTik site (https://wiki.mikrotik.com/wiki/OpenVPN) it is supported. According to other forums, it is not supported very well. I'd like to hear opinions as to whether or not installing AirVPN on my router is likely to be successful, or more likely a waste of time. If the latter, any suggestions for a replacement router to buy? Note that I will purchase 'wired-only' routers, and my budget ends at $300. I never buy any sort of wireless, wi-fi, or bluetooth devices. So far, the only 'wired-only' routers I have found are Cisco and Ubiquiti brands.

Hello, I was curious what would happen if I used AirVPN with ASUS Merlin router and have Eddie installed on a windows 10 workstation at the same time. Obv trying to avoid IP leaking. Would using AirVPN on an ASUS router with Merlin be just as reliable as the Eddie software? Eddie has been rock solid and as far as I know has never had a leak, the network lock works great. But I would really love to switch things up and get a new router with AirVPN installed on it. I have concerns that the killswitch or lock on the router is not as reliable as Eddie's custom client. On the ASUS router, if I use the .ovpn file from AirVPN and also configure the killswitch policy rules to only let out VPN connections would that be just as reliable as the Eddie client? Is it possible to install the client on the PC along with AIR on the router? That way most of my devices will use the router vpn and a couple workstations can use the Eddie client and connect to the VPN router, kinda like a double killswitch. I'm just looking for ideas or any feedback. Which would you guys trust more... the killswitch on router or network lock on eddie? Thank you!

Hello, I was messing around with a local web page hosted on my raspberry pi for local projects, and using that web page works fine from my pc which has an ethernet cable to my router. However when I try to access the page with my android phone, I cannot connect to the web page. I can also not reach my router admin page from my android device, something that DOES work on my pc... All three devices: pc, android phone, raspberry pi are running on AirVPN. The moment I disconnect from the VPN, I can access the admin panel and the website from my phone. Is there a way to make devices connected via wifi while using the VPN able to access my router / other local machines? Thanks in advance.

Someone I might know has found recently while torrenting the download speed suddenly drops dramatically to almost zero and on many occasions the modem router suddenly loses line sync. Prior to disconnection openvpn (running in a terminal window) reports numerous possible replay attacks. Setup is Ubuntu 16.06 LTS running openvpn with ovpn files from config generator (keys separate, hosts resolved). Numerous different servers and ports have been tried. ovpn files modified to run update-resolv-conf on up / down. ipv6 disabled in grub.cfg. ufw used to deny all incoming ports except 67,68/udp 80,443/tcp and the airvpn mapped port over tcp (further restricted to tun0 interface). Are they just being paranoid or is their ISP or some other actor able to detect torrent activity and cause the router to disconnect?

This is only a solution for people in their home country willing/wanting to bypass the VPN to access their Netflix account. Does not help for out-of-country Netflix access. I was surprised to not see this in the forum, as it's very simple and works. It is a very short script added to the Custom Configuration which pulls the current IP addresses for a domain name (Netflix.com, Hulu.com) and routes those addresses "around" the VPN.
allow-pull-fqdn
route www.netflix.com 255.255.255.255 net_gateway
So far I've been using this for a day, and had to restart things one time to get it to pick up new addresses. I would like to find a way to run this at regular intervals to add to the IP list (without duplicating addresses already in the list).

Hi. When connected to an AirVPN-server through a VPN-router... Are there any fixed IPs on the VPN-server that can be used to ping for monitoring the quality of the VPN connection (RRD graphs etc)? I used to be able to use 10.x.0.1 but they do not seem to respond to pings anymore. What is the correct IP to use for this purpose? Kind regards,

Step 1: First configure the Tomato VPN client (I am using Shibby's AIO build 134, but any of the recent VPN builds that have policy based routing included should work) so that all traffic is sent through the VPN and ensure that works. Once that is working, you can continue. Getting that working is outside the scope of this guide, and a good guide can be found here.
Step 2: On the 'Advanced' tab of the VPN client, check the Ignore Redirect Gateway (route-nopull) option and on the Routing Policy tab, check the Redirect Through VPN option, and add the devices you want to redirect through the VPN. In my case, I added Source IP 192.168.1.120, as this is the only client on my LAN I want to be routed through the VPN. Once that's done, ensure the VPN client is running and see if you have internet access through the tunnel for the specified client. I use ipleak.net to test. You will likely notice that while your IP address is that of the VPN, DNS is still being served by whichever DNS servers your router has configured. This is normal, and is solved in step 3.
Step 3: On the Advanced -> DHCP/DNS tab, in the advanced configuration:
# Create a tag for clients to use a specific DNS server
dhcp-option=tag:vpn,option:dns-server,10.30.0.1
# Tell these clients when they connect to use the VPN tag
dhcp-host=XX:XX:XX:XX:XX:XX,set:vpn,hostnameyouwanttouse,192.168.1.120
The XX:XX:XX:XX:XX:XX above is the MAC address of your device's network interface. You can find this easily on the Status -> Device List tab. This line is essentially assigning static DHCP for the client with the MAC address specified. This tells all clients tagged as 'vpn' to use 10.30.0.1 as their DNS server. Disconnect your client that you wish to route through the VPN and reconnect it so that it renews the DHCP lease. You may also need to flush the DNS on the client. On Windows this is done from a command prompt run as administrator and typing:
ipconfig /flushdns
Note: I am connecting to air on port 2018 to make QoS rules easier, so that's why you see 10.30.0.1 for the DNS server. Use whichever Air DNS server is appropriate for your connection.
Step 4: Now, in Administration -> Scripts -> Firewall add the following:
iptables -t nat -I PREROUTING -i br0 -s 192.168.1.120 -p udp --dport 53 -j DNAT --to 10.30.0.1
iptables -t nat -I PREROUTING -i br0 -s 192.168.1.120 -p tcp --dport 53 -j DNAT --to 10.30.0.1
iptables -I FORWARD ! -o tun11 -s 192.168.1.120 -j DROP
The first two lines prevent the specified client from specifying their own DNS servers, so if this is an issue for you, these rules will make sure the client always uses Air's DNS server. The third line prevents ANY traffic from that client using anything other than the VPN interface "tun11".
Note: tun11 is the interface Tomato creates for VPN Client 1. If you use VPN Client 2 use tun12 instead.
Routing an entire bridge: To take this a step further I also created an entire bridge (br1) on a different subnet (172.16.0.1/24), and a virtual wireless network on that bridge that 100% uses the VPN tunnel. The rules for an entire subnet are a little different. Configuring additional bridges and virtual wireless access points in Tomato is outside the scope of this guide. Again, in the VPN Client Policy Routing tab, add the "Source IP" and enter 172.16.0.0/24, then in Advanced -> DHCP/DNS:
dhcp-option=tag:br1,option:dns-server,10.30.0.1
This tells all clients that connect to br1 to use 10.30.0.1 as their DNS server. Tomato, by default, tags the clients with the bridge they are connected to, so that's all that is required to tell clients on that bridge to use a different DNS server. Then in the Firewall:
iptables -t nat -I PREROUTING -i br1 -p udp --dport 53 -j DNAT --to 10.30.0.1
iptables -t nat -I PREROUTING -i br1 -p tcp --dport 53 -j DNAT --to 10.30.0.1
iptables -t nat -I POSTROUTING -s 172.16.0.1/255.255.255.0 -o tun11 -j MASQUERADE
iptables -I FORWARD -i br1 -o tun11 -j ACCEPT
iptables -I FORWARD -i tun11 -o br1 -j ACCEPT
iptables -I FORWARD ! -o tun11 -s 172.16.0.1/255.255.255.0 -j DROP
Again, the first two lines prevent clients from specifying their own DNS servers. The next three lines are required, as Tomato's VPN client doesn't automatically add them for bridges other than br0. Without these, no traffic will move between br3 and tun11 (and hence, you will not get a connection). The last line prevents all traffic on br1 if the VPN is down.
Port Forwarding: This is straight from AirVPN's FAQ, copied here for completeness. To forward ports to clients, four firewall rules are required for each port you wish to forward. Here I am forwarding port 12345 (both UDP and TCP) to my one VPN'd client on my main LAN:
iptables -I FORWARD -i tun11 -p udp -d 192.168.1.120 --dport 12345 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.120 --dport 12345 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 12345 -j DNAT --to-destination 192.168.1.120
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 12345 -j DNAT --to-destination 192.168.1.120
Preventing leaks on the main LAN when not using policy routing: If you are not interested in policy based routing, and just want to prevent leaks while routing all traffic through the VPN, make sure you check Redirect Internet traffic in the VPN Client Advanced tab and then add the following firewall rules:
iptables -t nat -I PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 10.30.0.1
iptables -t nat -I PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 10.30.0.1
iptables -I FORWARD ! -o tun11 -s 192.168.1.1/255.255.255.0 -j DROP
The above is completely untested by me as I don't want to route my main LAN (other than a single client) over the VPN. It may cause connectivity issues with the router itself if the tunnel goes down. If someone does test, please come back here and report your results!
I hope this guide helps anyone wishing to use Tomato's VPN client to get connected and if you run into any trouble, I am happy to try and help solve the issue.
Troubleshooting: If something isn't working and you've entered everything correctly, I've found that rebooting the client you want routed through the VPN or restarting the VPN client can help. Also, rebooting the router will flush out anything left over between configuration steps and can sometimes solve problems. You can also rebuild the firewall rules in Tomato by going to the Tools->System Commands tab in the interface, and sending service firewall restart. If these don't help, double check that everything is configured appropriately.
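The single-client rules from Step 4 of the guide above can be checked after a firewall restart instead of being assumed to have loaded. The following is an added example, not part of the original post: a POSIX shell audit over iptables-save style text. The function name audit_client, both sample rule dumps and the WAN interface name vlan2 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): check an iptables-save style dump for the
# Step 4 rules of one policy-routed client. The dumps below are constructed and
# the WAN interface name vlan2 is an assumption.

# Constructed: both DNS redirects present, DROP ahead of the WAN ACCEPT.
GOOD_RULES='*nat
-A PREROUTING -s 192.168.1.120/32 -i br0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 10.30.0.1
-A PREROUTING -s 192.168.1.120/32 -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 10.30.0.1
COMMIT
*filter
-A FORWARD -s 192.168.1.120/32 ! -o tun11 -j DROP
-A FORWARD -i br0 -o vlan2 -j ACCEPT
COMMIT'

# Constructed: TCP DNS redirect missing, DROP sits after a WAN ACCEPT.
BAD_RULES='*nat
-A PREROUTING -s 192.168.1.120/32 -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 10.30.0.1
COMMIT
*filter
-A FORWARD -i br0 -o vlan2 -j ACCEPT
-A FORWARD -s 192.168.1.120/32 ! -o tun11 -j DROP
COMMIT'

# audit_client DUMP SOURCE TUN DNS
# SOURCE is written the way iptables-save prints it (e.g. 192.168.1.120/32).
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_client() {
    printf '%s\n' "$1" | awk -v src="$2" -v tun="$3" -v dns="$4" '
        # Whole-token match, so 10.30.0.1 does not match 10.30.0.10.
        function has(s) { return index(" " $0 " ", " " s " ") > 0 }

        # Table markers such as *nat and *filter.
        /^\*/ { table = substr($0, 2); next }

        # DNS redirect for this client, one rule each for udp and tcp.
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" &&
        has("-s " src) && has("--dport 53") && has("-j DNAT") &&
        has("--to-destination " dns) {
            if (has("-p udp")) udp = 1
            if (has("-p tcp")) tcp = 1
        }

        # Kill switch: DROP anything from the client not leaving via the tunnel.
        # Heuristic: it should precede any ACCEPT unrelated to the tunnel.
        table == "filter" && $1 == "-A" && $2 == "FORWARD" {
            n++
            if (has("-s " src) && has("! -o " tun) && has("-j DROP")) {
                if (!drop) drop = n
            } else if (has("-j ACCEPT") && !has("-o " tun) &&
                       !has("-i " tun) && !bypass) {
                bypass = n
            }
        }

        END {
            if (!udp)  { print "MISSING dns-redirect-udp"; bad = 1 }
            if (!tcp)  { print "MISSING dns-redirect-tcp"; bad = 1 }
            if (!drop) { print "MISSING killswitch-drop"; bad = 1 }
            else if (bypass && bypass < drop) {
                print "ORDER killswitch-drop-after-accept"; bad = 1
            }
            exit (bad ? 1 : 0)
        }'
}

# Demo on the constructed bad dump; on a router, pass "$(iptables-save)" instead.
audit_client "$BAD_RULES" 192.168.1.120/32 tun11 10.30.0.1 || echo "audit: rules incomplete"
```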

Hi, I'm trying to use a NetGear R6300v1 as a VPN Router with the latest DD-WRT build I could find (dd-wrt.v24-36330_NEWD-2_K3.x_mega-R6300). I can establish a TCP/443 connection to AirVPN (using DE or NL servers) and everything is fine in my opinion: There seem to be no DNS leaks and when the VPN goes down the R6300v1 stops traffic over the WAN interface, just as I want it to. With my 100/40 MBit/s NetCologne DSL @ home I see about 15/13 MBit/s VPN Performance on the R6300v1 with TCP, I have not yet seen more than 30% CPU usage on the R6300v1 during Speedtests. Streaming 1080p YouTube videos in a browser window on a PC connected via LAN to the R6300v1 the CPU usage stays below 15%. Streaming 4K video to an iPad connected via 5 GHz WLAN results in 25% to 35% CPU usage on the R6300v1. This is using a TCP connection - I wonder if UDP would give me more performance and if I should strive further to get that up and running? My problem is: With the very same settings - AFAIK I don't have anything TCP exclusive in there - just switching to UDP for connecting to AirVPN I cannot browse anything anymore. DNS resolution still works with UDP, I can ping for example www.heise.de both in Windows and via SSH directly on the R6300v1, I just cannot browse to www.heise.de. On a sidenote, the same is true if I use 'OpenVPN connect' on an iPad (iOS 11.4.1) - when I generate a .ovpn config for TCP/443 to German servers all is well, same config just with UDP/443 not so much on the iPad, too. On a second sidenote, I can get the latest Tomato build I could find for the R6300v1 (tomato-Netgear-R6300V1_RT-AC6x--140-AIO-64K) to do the same and have the same UDP issue as with the DD-WRT load ... I settled for DD-WRT for now because it seems to me the hardware support, especially WLAN AC, is better in the more recent DD-WRT build I'm using. I think I'm either missing something obvious or UDP simply cannot work on the R6300v1 (and an iPad). 
If anybody has an idea what I should try differently with the settings, I'd very much appreciate the information. Thanks in advance, Kyle

Hello guys, I was wondering if there is a speed limitation while using OpenVPN with Router, technically it's AsusWRT, using Asus AC68. I saw some threads in AirVPN before, but I think they were dragged down to the bottom of the forum, since it's been quite some time. I'm upgrading to get better bandwidth, and I was wondering if this happens. Should it happen, does it have any fixes? Thank you in advance. Best Regards, J.Smith

Hello, I am not sure this is the right section for posting. As a newb of VPN, I would like to know if anybody has setup a CISCO RV325 router for working with AirVPN and if he could share method and settings... I am currently using ASUS DD-WRT firmware with AirVPN but I had a look at the CISCO emulator and at first sight it does not look so friendly :-( so any help is really appreciated :-). I searched in the forum and I did not find any reference to this device. Do you think an appliance with pfsense would be more "safe", known the US approach to privacy matter? Thank you

Hi, I just purchased the ASUS RT-AC66U B1 router and intended to configure it to work with AirVPN. I visited the client area to download the configuration file for routers and also followed the asuswrt guide but it doesn't seem to work as I lose connection. Can anyone please help me as I have already updated the router to the latest firmware. Thanks.

Hello, I set up airVPN on my mini router using a custom build of openWRT from GL.inet but when I run ipleak and whoer it comes back with a ton of DNS leaks (50+). When I changed the DNS from "Keep blank to use default DNS" to Custom DNS of 10.4.0.1 and 10.5.0.1 then airVPN can no longer connect at all! I've also tried checking the box that says: "Force all clients to use: [ ] Override Clients' DNS setting" but it doesn't solve the issue. After setting the Custom DNS, airVPN disconnects and says the following over and over:
RESOLVE: Cannot resolve host address: America.vpn.airdns.org:1194 (try again)
Could not determine IPv4/IPv6 Protocol
SIGUSR1 [soft,init_instance] received, process restarting
Thoughts? NOTE: When NOT connecting through the router, and just firing up Eddie on my mac, I get no leaks.

EDIT: Hello all. In order to get an Internet connection I need to reset DNS and IP settings every time after being connected to AirVPN. Help and information about any of this is greatly appreciated. Thanks for reading. SOLVED using merlin user scripts.

hi all, i've been having problems with my internet connection and my ISP switched my router and other things. I was wondering, being that the firmware is not open source, is there any other way to check whether the router has a backdoor installed? thanks

Hi, After I've forwarded the right port in AirVPN client area and put the right settings in qBittorrent, I finally get great speeds while connected to the VPN service. However, the speeds (for torrents), seem to fluctuate heavily between 0 and 200Mbit (my max speed). I have the feeling it is because of some setting or limit somewhere that high speeds cannot be sustained. Here is a screenshot of the Eddie speed:
More info:
- Using network lock
- Using OS X 10.12.6
- Using an SSD
- Using Asus AC-3200 router
- Only using the utun3 network interface in qBittorrent
- Used settings described here for qBittorrent
- Disabled firewall on router
- Looked for any settings in my router that might impede sustained speed like ICMP flood detection but cannot find those
- Using port forwarding in client area
Is this normal behaviour? I don't really mind it for the time being, as speed is much faster than before, however maybe I'm missing a setting that could prevent this?

I normally use AirVPN with openvpn in my computer, with openresolv to allow openvpn to connect to the server then change the DNS so it is tunnelled through the VPN connection. The openvpn config file I downloaded specifies a country, not a particular server, so DNS resolution is needed initially to make the connection. However I am interested in putting the VPN inside a router instead, and I have been experimenting. Looking at the instructions for DD-WRT and here: https://airvpn.org/topic/14378-how-can-i-get-vpn-servers-entry-ip-addresses/ it seems it will not be possible to continue using my existing per-country configuration, as I need to give a specific IP address, i.e. choose just one server (and edit the .ovpn file accordingly). At the moment, I am using an OpenNIC DNS server in parallel with the VPN one instead, but I'd rather not continue to do this. Am I right in thinking each query goes to both DNS servers (rather than using the second one only if the first doesn't return an IP address)? Is there a way to select a country or region, rather than a specific AirVPN server, in this situation? I want to continue using openvpn manually as I understand and trust this method. I am also more familiar with the command line (ssh into the router) than LEDE/OpenWRT, which is new to me.

Problem: I have devices on different subnets (192.168.15.x, 192.168.35.x) and would like for them to be able to discover each other. Specifically I want them to see each other's minecraft (bedrock/pocket) worlds. The 15.x network is the "privileged" home network, whereas the 35.x network is intended as guest-wifi network with no internet access (also vpn clients would be given an IP here). Currently they cannot see each other - if I add a route with 192.168.15.x to the vpn config then vpn clients can access webservers in this subnet but minecraft clients still can't see each other. My router is a N66 running tomatoUSB and both subnets are entirely controlled by it.
Question: Is this even possible? If so - how? Any help would be appreciated. I currently do not know enough to even successfully google for marginally useful information.

Hi AirVPN users! OpenVPN 2.4.2 has been released for DD-WRT, see http://svn.dd-wrt.com/ticket/5830#no1 Changesets can be found here for any other updates: http://svn.dd-wrt.com/search?q=openvpn&noquickjump=1&changeset=on You can find the latest builds from ftp://ftp.dd-wrt.com/betas/2019 but please choose builds higher than 06-01-2017-r32170. But before you upgrade, please type in your router model here to rule out any known bugs: http://svn.dd-wrt.com/ If okay, then go ahead and upgrade. Keep in mind any lower builds don't have the vulnerabilities patch: https://ostif.org/the-openvpn-2-4-0-audit-by-ostif-and-quarkslab-results I can myself confirm build ftp://ftp.dd-wrt.com/betas/2017/07-19-2017-r32753/ is working great for my TP-Link router.

Hi there, I'm hoping someone may be able to assist me with a configuration for my router. My setup is that I'm running a DD-WRT based router with three wireless networks and four devices using a wired connection to the router. Half of my local network is allocated to my DHCP pool for most of these devices. I have my VPN up and running fine, however I would like to do something more advanced with my setup. I would like to split up my network somewhat so that two of the wireless networks as well as the wired computers that all get their IPs from the DHCP pool utilize the VPN for their internet traffic while the devices outside of the DHCP pool and on the third wireless network do not use the VPN. I have the Policy Based Routing setup with the subnet of the DHCP pool and I've been playing around with my IPTables configuration, but I'm hitting a wall trying to keep the traffic split. Any help for this would be greatly appreciated. Thanks in advance, Miko

hi airvpn forums, i have been using airvpn for 20 days now and the service as a whole has exceeded my expectations. i'm currently getting the following pop up notification and message in my logs. "Warning: route gateway is ambiguous: 192.1xx.x.xxx (2 matches)" i'm still able to connect to the internet. i pass ip, dns and torrent detection tests at ipleak.net. i have seen a similar post in these forums but they had connectivity issues because of it. is this leaking my ip/details to the public? or is there anything else (security or otherwise) i should be worried about? billion model bipac 7404vgpx, latest version of windows 10, eddie 2.12.4 with network lock activated. my logs are attached. the warning in this file can be found 16 lines from the bottom. i receive the warning at the beginning or during a session. warning gateway is ambiguous.txt

Hello, In the "Guide to Getting Started + Links for Advanced Users" under "Which other steps can I take to increase my privacy and security" it states: If you're looking for a technical challenge, you can install pfSense on a very powerful computer, to make it act like a router, so that all devices connected to your Wi-Fi will be covered by the VPN. If you're a geek or networking enthusiast, you can also check out things such as the Turris Omnia router, which offers very powerful hardware & software. So my question is: What is the functional difference between the two? One's a small computer you recommend turning into a router. The other is basically a souped-up open source router running openWRT. Upon inspection, I'm not quite sure why this router (Turris Omnia) was recommended over something like the Asus RT-AC5300. I'm essentially looking for the most secure router possible.